Can BIOS virus/malware be used to steal data?

Since a BIOS isn’t connected to the internet, even if your BIOS is infected with a malware (say you used a usb to flash it but with files that wasn’t from the official motherboard manufacturer’s site). Is the damage limited locally to the functionality of your system? In that your data can’t really be transmitted through the internet to another party?